2016 Projects

In this project, we study each element of system information and see what kind of attack can be done using each element. Also, making people aware of the risks they take by granting the permissions that access or use the device information. Educating users by showing them how accessing device information can affect their privacy.

Most of the millions of Android users worldwide use third-party applications from the Google Play store to get more functionality from their devices. Many of these applications transmit sensitive data stored on the device, either maliciously or accidentally, to outside networks. In this project, we will study the ways that Android applications from the Google Play store transmit data to outside servers and develop a user-friendly application to inform and protect the user from these security risks. We will use tools such as TaintDroid, AppIntent, and Securacy to develop an application that reveals what types of data are being transmitted from apps, the location to which the data is being transmitted, whether the data is being transmitted through a secure channel (such as HTTPS) and whether the user is aware that the information is being transmitted. The application will generate a report that allows the user to block the application that leaks sensitive information. In doing so, we will examine the importance, relevance, and prevalence of these Android data security issues.

As the Android mobile OS has become popular, malicious applications (apps) have become increasingly common. Users will often grant apps permission to view personal information and change system settings without fully realizing how much damage a malicious app can do by taking advantage of those permissions. We aim to complete and test the Android Application Permission Manager (AAPM) Framework, which will provide users with in-depth information about the security risks posed by their apps. This program will take into account the number of permissions, how dangerous the permissions are, and whether dangerous combinations are present, among other factors. By utilizing the AAPM, users will be able to evaluate risk and protect themselves from malicious apps much more easily.

We demonstrate the feasibility of using a recurrent neural network as a method of tracking changing methods of cyber-attacks as they evolve with better camouflaging techniques. We introduce the concept of 4D as a method of securing online information: deter, detect, delay, and defend. Creation of a server called “The Honeypot” will be analyzed for cyber-attacks. The implementation of our defense mechanism will be performed using a recurrent neural network with deep learning model to make it a more robust protection against such attacks.

It is a common belief that link signatures between two different receivers and a transmitter are uncorrelated as long as the receivers are at least a quarter of a wavelength away from one another. However, this statement has not been proven in a mathematically rigorous manner so its validity is debatable. We propose that link signatures as they currently stand are vulnerable to attackers because it is possible for them to estimate the channel gain between a transmitter and receiver in an indoors, relatively static environment by using their own link signatures with the receiver. In our research, we will explore how feasible/plausible these attacks are in a real world setting and what some countermeasures may be to protect against them.

JavaScript is ubiquitous online. It's important then, that web applications which use JavaScript are secure against common string manipulation exploits such as SQL injections and cross-site scripting attacks. JavaScript is dynamically typed, and objects can have their methods and properties dynamically modified at runtime -- thus, static analysis tools are a challenge to implement and security analysis tools are consequently limited. We propose the abstract interpretation of JavaScript strings into finite state automata. We augment TAJS (Type Analyzer for JavaScript), an open source dataflow analysis tool for JavaScript, in order to precisely approximate strings in real-world JavaScript code, and warn against common vulnerabilities.